The Host Unknown Podcast

Episode 123 - Incident Adjacent

Episode Summary

With Thom claiming a last-minute emergency, Andy and Javvad changed the script on the fly (as usual) to talk about the former Uber CSO being made a scapegoat (or was he?), along with other general ramblings on cyber security stories from the week.

Episode Notes

From @HostUnknownTV

This week in Infosec

2nd October 1998: BUTTSniffer Beta 0.9 was released by Cult of the Dead Cow. Developed by DilDog.

The big question is "When can we expect the long-awaited version 1.0 release?" 24 years is kind of a long wait. 

https://twitter.com/todayininfosec/status/1312179619659874305  

3rd October 2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress one person in the IT department was at fault.

https://twitter.com/todayininfosec/status/1312589059559170050

 

Billy Big Ranty Balls Tweet of the Week

Former Uber CSO convicted for covering up massive 2016 data theft

Joe Sullivan, Uber's former chief security officer, has been found guilty of illegally covering up the theft of Uber drivers and customers' personal information.

Sullivan, previously a cybercrime prosecutor for the US Department of Justice, was charged two years ago with obstruction of justice and misprision – concealing a felony from law enforcement. He was convicted on both counts today.

On November 21, 2017, Uber CEO Dara Khosrowshahi issued a statement acknowledging that in late 2016, miscreants had broken into the app giant's infrastructure and made off with 57 million customer and driver records. Sullivan, along with Craig Clark, legal director of security and law enforcement, was fired as a result.

Sullivan, according to court documents, learned of the theft in November 2016, about ten days after he had provided testimony to the US Federal Trade Commission about a 2014 cyberattack on Uber. Concerned that another data security breach would harm the company, Sullivan tried to cover up that 2016 heist by trying to pass off a ransom payment, made to the thieves to recover the data, as a bug bounty award.

 

Industry News

T: Kardashian Charged by SEC After Crypto Post

A: Malicious Tor Browser Installers Spread Via Darknet Video on YouTube

J: New Initiative Aims to Strengthen UK's Nuclear Cybersecurity Posture

T: Landmark US-UK Data Access Agreement Begins

A: Ransomware Group Bypasses "Enormous" Range of EDR Tools

J: Australia's Data Breaches Continue With Telstra's Third-Party Supplier Hacked

T: Retailer Easylife Fined £1.5m for Data Protection Breaches

A: US Healthcare Giant CommonSpirit Hit by Possible Ransomware

J: Uber's Former Security Chief Convicted of 2016 Data Breach Cover-Up

 

Tweet of the Week:

https://twitter.com/HackingDave/status/1578064952400781316